|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* The MIT License (MIT) |
|
5
|
|
|
* |
|
6
|
|
|
* Copyright (c) 2014-2016 Spomky-Labs |
|
7
|
|
|
* |
|
8
|
|
|
* This software may be modified and distributed under the terms |
|
9
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Jose\Test\RFC7520; |
|
13
|
|
|
|
|
14
|
|
|
use Base64Url\Base64Url; |
|
15
|
|
|
use Jose\Factory\DecrypterFactory; |
|
16
|
|
|
use Jose\Factory\EncrypterFactory; |
|
17
|
|
|
use Jose\Factory\JWEFactory; |
|
18
|
|
|
use Jose\Loader; |
|
19
|
|
|
use Jose\Object\JWK; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* @see https://tools.ietf.org/html/rfc7520#section-5.3 |
|
23
|
|
|
* |
|
24
|
|
|
* @group RFC7520 |
|
25
|
|
|
*/ |
|
26
|
|
|
class PBES2_HS512_A256KWAndA128CBC_HS256EncryptionTest extends \PHPUnit_Framework_TestCase |
|
27
|
|
|
{ |
|
28
|
|
|
/** |
|
29
|
|
|
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different). |
|
30
|
|
|
* The output given in the RFC is used and only decrypted. |
|
31
|
|
|
*/ |
|
32
|
|
|
public function testPBES2_HS512_A256KWAndA128CBC_HS256Encryption() |
|
33
|
|
|
{ |
|
34
|
|
|
$expected_payload = ['keys' => [ |
|
35
|
|
|
[ |
|
36
|
|
|
'kty' => 'oct', |
|
37
|
|
|
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a', |
|
38
|
|
|
'use' => 'enc', |
|
39
|
|
|
'alg' => 'A128GCM', |
|
40
|
|
|
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A', |
|
41
|
|
|
], [ |
|
42
|
|
|
'kty' => 'oct', |
|
43
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
44
|
|
|
'use' => 'enc', |
|
45
|
|
|
'alg' => 'A128KW', |
|
46
|
|
|
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ', |
|
47
|
|
|
], [ |
|
48
|
|
|
'kty' => 'oct', |
|
49
|
|
|
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d', |
|
50
|
|
|
'use' => 'enc', |
|
51
|
|
|
'alg' => 'A256GCMKW', |
|
52
|
|
|
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8', |
|
53
|
|
|
], |
|
54
|
|
|
]]; |
|
55
|
|
|
|
|
56
|
|
|
$private_key = new JWK([ |
|
57
|
|
|
'kty' => 'oct', |
|
58
|
|
|
'use' => 'enc', |
|
59
|
|
|
'k' => Base64Url::encode("entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun"), |
|
60
|
|
|
]); |
|
61
|
|
|
|
|
62
|
|
|
$protected_headers = [ |
|
63
|
|
|
'alg' => 'PBES2-HS512+A256KW', |
|
64
|
|
|
'p2s' => '8Q1SzinasR3xchYz6ZZcHA', |
|
65
|
|
|
'p2c' => 8192, |
|
66
|
|
|
'cty' => 'jwk-set+json', |
|
67
|
|
|
'enc' => 'A128CBC-HS256', |
|
68
|
|
|
]; |
|
69
|
|
|
|
|
70
|
|
|
$expected_compact_json = 'eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g.VBiCzVHNoLiR3F4V82uoTQ.23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p.0HlwodAhOCILG5SQ2LQ9dg'; |
|
71
|
|
|
$expected_flattened_json = '{"protected":"eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","encrypted_key":"d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g","iv":"VBiCzVHNoLiR3F4V82uoTQ","ciphertext":"23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p","tag":"0HlwodAhOCILG5SQ2LQ9dg"}'; |
|
72
|
|
|
$expected_json = '{"recipients":[{"encrypted_key":"d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g"}],"protected":"eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"VBiCzVHNoLiR3F4V82uoTQ","ciphertext":"23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p","tag":"0HlwodAhOCILG5SQ2LQ9dg"}'; |
|
73
|
|
|
$expected_iv = 'VBiCzVHNoLiR3F4V82uoTQ'; |
|
74
|
|
|
$expected_encrypted_key = 'd3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g'; |
|
75
|
|
|
$expected_ciphertext = '23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p'; |
|
76
|
|
|
$expected_tag = '0HlwodAhOCILG5SQ2LQ9dg'; |
|
77
|
|
|
|
|
78
|
|
|
$decrypter = DecrypterFactory::createDecrypter(['PBES2-HS512+A256KW', 'A128CBC-HS256']); |
|
79
|
|
|
|
|
80
|
|
|
$loaded_compact_json = Loader::load($expected_compact_json); |
|
81
|
|
|
$decrypter->decryptUsingKey($loaded_compact_json, $private_key); |
|
82
|
|
|
|
|
83
|
|
|
$loaded_flattened_json = Loader::load($expected_flattened_json); |
|
84
|
|
|
$decrypter->decryptUsingKey($loaded_flattened_json, $private_key); |
|
85
|
|
|
|
|
86
|
|
|
$loaded_json = Loader::load($expected_json); |
|
87
|
|
|
$decrypter->decryptUsingKey($loaded_json, $private_key); |
|
88
|
|
|
|
|
89
|
|
|
$this->assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext())); |
|
90
|
|
|
$this->assertEquals($protected_headers, $loaded_compact_json->getSharedProtectedHeaders()); |
|
91
|
|
|
$this->assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV())); |
|
92
|
|
|
$this->assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey())); |
|
93
|
|
|
$this->assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag())); |
|
94
|
|
|
|
|
95
|
|
|
$this->assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext())); |
|
96
|
|
|
$this->assertEquals($protected_headers, $loaded_flattened_json->getSharedProtectedHeaders()); |
|
97
|
|
|
$this->assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV())); |
|
98
|
|
|
$this->assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey())); |
|
99
|
|
|
$this->assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag())); |
|
100
|
|
|
|
|
101
|
|
|
$this->assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext())); |
|
102
|
|
|
$this->assertEquals($protected_headers, $loaded_json->getSharedProtectedHeaders()); |
|
103
|
|
|
$this->assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV())); |
|
104
|
|
|
$this->assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey())); |
|
105
|
|
|
$this->assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag())); |
|
106
|
|
|
|
|
107
|
|
|
$this->assertEquals($expected_payload, $loaded_compact_json->getPayload()); |
|
108
|
|
|
$this->assertEquals($expected_payload, $loaded_flattened_json->getPayload()); |
|
109
|
|
|
$this->assertEquals($expected_payload, $loaded_json->getPayload()); |
|
110
|
|
|
} |
|
111
|
|
|
|
|
112
|
|
|
/** |
|
113
|
|
|
* Same input as before, but we perform the encryption first. |
|
114
|
|
|
*/ |
|
115
|
|
|
public function testPBES2_HS512_A256KWAndA128CBC_HS256EncryptionBis() |
|
116
|
|
|
{ |
|
117
|
|
|
$expected_payload = ['keys' => [ |
|
118
|
|
|
[ |
|
119
|
|
|
'kty' => 'oct', |
|
120
|
|
|
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a', |
|
121
|
|
|
'use' => 'enc', |
|
122
|
|
|
'alg' => 'A128GCM', |
|
123
|
|
|
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A', |
|
124
|
|
|
], [ |
|
125
|
|
|
'kty' => 'oct', |
|
126
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
127
|
|
|
'use' => 'enc', |
|
128
|
|
|
'alg' => 'A128KW', |
|
129
|
|
|
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ', |
|
130
|
|
|
], [ |
|
131
|
|
|
'kty' => 'oct', |
|
132
|
|
|
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d', |
|
133
|
|
|
'use' => 'enc', |
|
134
|
|
|
'alg' => 'A256GCMKW', |
|
135
|
|
|
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8', |
|
136
|
|
|
], |
|
137
|
|
|
]]; |
|
138
|
|
|
|
|
139
|
|
|
$private_key = new JWK([ |
|
140
|
|
|
'kty' => 'oct', |
|
141
|
|
|
'use' => 'enc', |
|
142
|
|
|
'k' => Base64Url::encode("entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun"), |
|
143
|
|
|
]); |
|
144
|
|
|
|
|
145
|
|
|
$protected_headers = [ |
|
146
|
|
|
'alg' => 'PBES2-HS512+A256KW', |
|
147
|
|
|
'p2s' => '8Q1SzinasR3xchYz6ZZcHA', |
|
148
|
|
|
'p2c' => 8192, |
|
149
|
|
|
'cty' => 'jwk-set+json', |
|
150
|
|
|
'enc' => 'A128CBC-HS256', |
|
151
|
|
|
]; |
|
152
|
|
|
|
|
153
|
|
|
$jwe = JWEFactory::createJWE($expected_payload, $protected_headers); |
|
154
|
|
|
$encrypter = EncrypterFactory::createEncrypter(['PBES2-HS512+A256KW', 'A128CBC-HS256']); |
|
155
|
|
|
|
|
156
|
|
|
$jwe = $jwe->addRecipient( |
|
157
|
|
|
$private_key |
|
158
|
|
|
); |
|
159
|
|
|
|
|
160
|
|
|
$encrypter->encrypt($jwe); |
|
161
|
|
|
|
|
162
|
|
|
$decrypter = DecrypterFactory::createDecrypter(['PBES2-HS512+A256KW', 'A128CBC-HS256']); |
|
163
|
|
|
|
|
164
|
|
|
$loaded_flattened_json = Loader::load($jwe->toFlattenedJSON(0)); |
|
165
|
|
|
$decrypter->decryptUsingKey($loaded_flattened_json, $private_key); |
|
166
|
|
|
|
|
167
|
|
|
$loaded_json = Loader::load($jwe->toJSON()); |
|
168
|
|
|
$decrypter->decryptUsingKey($loaded_json, $private_key); |
|
169
|
|
|
|
|
170
|
|
|
$this->assertTrue(array_key_exists('p2s', $loaded_flattened_json->getSharedProtectedHeaders())); |
|
171
|
|
|
$this->assertTrue(array_key_exists('p2c', $loaded_flattened_json->getSharedProtectedHeaders())); |
|
172
|
|
|
|
|
173
|
|
|
$this->assertTrue(array_key_exists('p2s', $loaded_json->getSharedProtectedHeaders())); |
|
174
|
|
|
$this->assertTrue(array_key_exists('p2c', $loaded_json->getSharedProtectedHeaders())); |
|
175
|
|
|
|
|
176
|
|
|
$this->assertEquals($expected_payload, $loaded_flattened_json->getPayload()); |
|
177
|
|
|
$this->assertEquals($expected_payload, $loaded_json->getPayload()); |
|
178
|
|
|
} |
|
179
|
|
|
} |
|
180
|
|
|
|
Spomky-Labs /
jose
